'\" te .\" Copyright (C) 2009, Sun Microsystems, Inc. All Rights Reserved .TH ipsecah 7P "25 Sep 2009" "SunOS 5.11" "Protocols" .SH NAME ipsecah, AH \- IPsec Authentication Header .SH SYNOPSIS .LP .nf \fBdrv/ipsecah\fR .fi .SH DESCRIPTION .sp .LP The \fBipsecah\fR module (\fBAH\fR) provides strong integrity, authentication, and partial sequence integrity (replay protection) to \fBIP\fR datagrams. \fBAH\fR protects the parts of the \fBIP\fR datagram that can be predicted by the sender as it will be received by the receiver. For example, the \fBIP\fR \fBTTL\fR field is not a predictable field, and is not protected by \fBAH\fR. .sp .LP \fBAH\fR is inserted between the \fBIP\fR header and the transport header. The transport header can be \fBTCP\fR, \fBUDP\fR, \fBICMP\fR, or another \fBIP\fR header, if tunnels are being used. .SS "AH Device" .sp .LP AH is implemented as a module that is auto-pushed on top of IP. The entry \fB/dev/ipsecah\fR is used for tuning AH with \fBndd\fR(1M). .SS "Authentication Algorithms" .sp .LP Current authentication algorithms supported include HMAC-MD5 and HMAC-SHA-1. Each authentication algorithm has its own key size and key format properties. You can obtain a list of authentication algorithms and their properties by using the \fBipsecalgs\fR(1M) command. You can also use the functions described in the \fBgetipsecalgbyname\fR(3NSL) man page to retrieve the properties of algorithms. .SS "Security Considerations" .sp .LP Without replay protection enabled, \fBAH\fR is vulnerable to replay attacks. \fBAH\fR does not protect against eavesdropping. Data protected with \fBAH\fR can still be seen by an adversary. .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) . ATTRIBUTE TYPEATTRIBUTE VALUE _ Availabilitysystem/core-os Interface StabilityCommitted .TE .SH SEE ALSO .sp .LP \fBipsecalgs\fR(1M), \fBipsecconf\fR(1M), \fBndd\fR(1M), \fBattributes\fR(5), \fBgetipsecalgbyname\fR(3NSL), \fBip\fR(7P), \fBipsec\fR(7P), \fBipsecesp\fR(7P) .sp .LP Kent, S. and Atkinson, R.\fIRFC 2402, IP Authentication Header\fR, The Internet Society, 1998.